xorist | 65499d28c56270f3859faebf0bd376f8e19b166ad4c65918e16cd0a8db4d7c4c

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
31-10-2024 02:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
Size

39KB
MD5

8120a1911ae7d00f4e5a07e4c0bbeaf4
SHA1

fc030f2fd2116f95e81926212054c3930541a653
SHA256

65499d28c56270f3859faebf0bd376f8e19b166ad4c65918e16cd0a8db4d7c4c
SHA512

1c7caab77027589ab71a6e1e6c755c1321ae0b8978887d3d4c37c94c421ccdb536764d8093fb6159ade05590dea0eb1dbd6955e1beafba405faabaac136fcb3e
SSDEEP

384:7ebFNw4Pk1itKkpAjjalrxYqYvjS3kDCgSnJFMB:70FmBkpKjSY7fDCE

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 3 IoCs

resource	yara_rule
behavioral2/memory/3096-0-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/3096-3329-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/3096-11203-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Xorist family
xorist
Renames multiple (2177) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 9 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3UJ76DcM5gR8996.exe"	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgl001.inf_amd64_e09ac82d497a19c5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmpn1.inf_amd64_7e6108426fdce03a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\TroubleshootingPack\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fsvirtualization.inf_amd64_078671a0cdfe2870\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_mediumchanger.inf_amd64_69ea0d8614286224\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wbem\es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Com\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\circlass.inf_amd64_9f3f831d13d3df1f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAny\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\arcsas.inf_amd64_b3d75f82c617ac6a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\battery.inf_amd64_a239bc596073092a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\microsoft_bluetooth_hfp_ag.inf_amd64_d2736f1d9bc815e1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\virtdisk.inf_amd64_9a7f42b85c7def50\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wnetvsc_vfpp.inf_amd64_9ce6f68c11eede58\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\default.help.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\nulhprs8.inf_amd64_e65ae5a38cb839e5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0013\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AssignedAccess\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Management\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmlasat.inf_amd64_36a71a022d8bb0bb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Nui\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\megasr.inf_amd64_72258921635be994\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgl006.inf_amd64_130cd40b355024c9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netxex64.inf_amd64_ede00b448bfe8099\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ntprint4.inf_amd64_0958c7cad3cd6075\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ws3cap.inf_amd64_6cf8ea2249844b50\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ArchiveResource\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ServiceResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAll\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\buttonconverter.inf_amd64_73b807c3bed63b18\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\rdpbus.inf_amd64_05ebd3b4422f62ba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\uaspstor.inf_amd64_63788a81c4c628c5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hpsamd.inf_amd64_0784fd3ef0d7ec93\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mchgr.inf_amd64_399f04975a0af112\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netax88179_178a.inf_amd64_b6748bc8bb8ccf4d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wvmbusvideo.inf_amd64_c531b5e68fd6f6bf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hidir.inf_amd64_7bf4a320e4ec8b3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\iagpio.inf_amd64_07b64df61e783bfe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\Common\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\@AudioToastIcon.png	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgcs.inf_amd64_e47e06e16f2aad12\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\IMEKR\APPLETS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InputMethod\CHS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmatm2k.inf_amd64_de71647ec29a6bc2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrndis.inf_amd64_be4ba6237d385e2e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AssignedAccess\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmsun2.inf_amd64_de323a35134348a2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\dc21x4vm.inf_amd64_3294fc34256dbb0e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms008.inf_amd64_69b5e0c918eab9a6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms012.inf_amd64_707d3849370b9d23\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\rtux64w10.inf_amd64_d6132e4c7fe2fac6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\XPSViewer\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\Schema\MSFT_FileDirectoryConfiguration\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3096-0-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/3096-3329-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/3096-11203-0x0000000000400000-0x000000000040C000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\nb-no\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\StopwatchSmallTile.contrast-black_scale-200.png	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\423x173\5.jpg	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.2.2_2.2.27328.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\ScreenSketchWide310x150Logo.scale-125_contrast-white.png	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\it-it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Welcome.pdf	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\Images\Ratings\Yelp7.scale-125.png	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\keystore\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\FlagToastQuickAction.scale-80.png	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-96_contrast-white.png	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MedTile.scale-150_contrast-black.png	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\profilePic.png	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\INDUST\PREVIEW.GIF	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-20_altform-unplated_contrast-white.png	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\Scientific.targetsize-64_contrast-white.png	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\it-it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\Assets\StoreLogo.scale-200.png	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\210x173\10.jpg	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\JOURNAL\PREVIEW.GIF	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\Fonts\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\GenericMailSmallTile.scale-150.png	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailAppList.targetsize-48_altform-unplated.png	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-white_targetsize-64.png	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\tr.gif	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft\Edge\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\155.png	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\LargeTile.scale-150.png	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\SmallTile.scale-100.png	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sl.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\ENFR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\AppIcon.targetsize-256.png	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteNewNoteSmallTile.scale-150.png	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteAppList.scale-200.png	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderSmallTile.contrast-white_scale-100.png	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-256_altform-unplated_contrast-white.png	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-white_scale-100.png	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\EmptyCalendarSearch.scale-200.png	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\it-it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\Microsoft Shared\ink\ThirdPartyNotices.ja-jp.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows NT\Accessories\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Velocity\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageAppList.scale-400_contrast-white.png	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteAppList.scale-125.png	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\onboarding\landing_page_start_a_coversation_v2.png	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-white_targetsize-36.png	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-32_altform-lightunplated.png	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\zh-tw\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-black_scale-180.png	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\BadgeLogo.scale-150_contrast-black.png	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.contrast-white_targetsize-32.png	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lv\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\LTR\contrast-black\MedTile.scale-125.png	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\FileAssociation\FileAssociation.targetsize-20.png	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsWideTile.contrast-white_scale-200.png	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_battery.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_bd659d1ccc4b0724\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-international-unattend_31bf3856ad364e35_10.0.19041.1_none_760acfd88cf7390d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft.powershell.archive.resources_31bf3856ad364e35_10.0.19041.1_en-us_bbfb065038be7df2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_system.security.resources_b03f5f7f11d50a3a_10.0.19041.1_es-es_40d3d1d3fbaa2281\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft.internati..ngs.commands.module_31bf3856ad364e35_10.0.19041.1_none_b8df611185daa388\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_10.0.19041.1202_none_4cf57b53b9d3b259\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-resolver.resources_31bf3856ad364e35_10.0.19041.1_de-de_34d0c626e454cc68\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-vssadmin.resources_31bf3856ad364e35_10.0.19041.1_de-de_bec24b91ee6e36f8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_microsoft.dtc.powershell_31bf3856ad364e35_10.0.19041.1_none_40d9fbb0f0418d87\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-devices-midi_31bf3856ad364e35_10.0.19041.264_none_d3106e972ee929f2\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_hyperv-proxy-onecore_31bf3856ad364e35_10.0.19041.928_none_49810de45ba21255\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_11.0.19041.117_none_d6b5db455ef49e9b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemResources\Windows.UI.ShellCommon\Images\DefaultSystemNotification.contrast-white_scale-125.png	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_10.0.19041.1_none_c216468b91a73e4d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-extrac32.resources_31bf3856ad364e35_10.0.19041.1_es-es_c1106a7a90a217fb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-forfiles.resources_31bf3856ad364e35_10.0.19041.1_es-es_8e6b346889b57455\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..-provider.resources_31bf3856ad364e35_10.0.19041.1_de-de_fed393abfa08ce21\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft.dtc.power...non_msil.resources_31bf3856ad364e35_10.0.19041.1_de-de_00cff98727907771\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-basedependencies_31bf3856ad364e35_10.0.19041.1_none_c2e7a999fc8db0b6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..ckagingom.resources_31bf3856ad364e35_10.0.19041.1_es-es_887348a5de2bdf45\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-eventlog_31bf3856ad364e35_10.0.19041.117_none_badf0b90718f4ae3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_netfx4-ilasm_exe_b03f5f7f11d50a3a_4.0.15805.0_none_5fe2df342921db66\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-terminalservices-theme_31bf3856ad364e35_10.0.19041.746_none_be3404fb0dff5d84\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft.windows.winhttp_31bf3856ad364e35_5.1.19041.264_none_7f6ca9c048dc8aa4\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-d..providers.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_f9a57c630cd1dccf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..ckactions.resources_31bf3856ad364e35_10.0.19041.1_es-es_d02cacdd64db264d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..onservice.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_7c68e1d8c2f39b50\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..sh-helper.resources_31bf3856ad364e35_10.0.19041.1_es-es_b2bbe96b571f9778\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\Assets\SplashScreen.contrast-white_scale-100.png	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..console-nodemanager_31bf3856ad364e35_10.0.19041.1_none_3620cadac065d89b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-i..gbinaries.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_744fd835e07b80ab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-onex.resources_31bf3856ad364e35_10.0.19041.1_de-de_69c21f2bf1f48285\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-smbhelperclasses_31bf3856ad364e35_10.0.19041.1_none_a02e3303758007d5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_system.runtime.seri..ters.soap.resources_b03f5f7f11d50a3a_10.0.19041.1_de-de_f064856ccbba92ff\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-hyper-v-ram-parser.resources_31bf3856ad364e35_10.0.19041.1_en-us_50c23e4c771f203a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_wstorvsp.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_21cfbc4b68e71483\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-wow64-legacy_31bf3856ad364e35_10.0.19041.1_none_ac040ccaa73c8c1b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_system.servicemodel.web.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_a728c0955ad88a77\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-photoviewer.resources_31bf3856ad364e35_10.0.19041.1_es-es_df6fd8b80a2facf2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-s..dlinetool.resources_31bf3856ad364e35_10.0.19041.1_es-es_c60e67f54a332964\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..cglaunchpad-library_31bf3856ad364e35_10.0.19041.610_none_643fc2f5b76e9d21\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-http.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_f7b6ae8032e91c8e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..age-codec.resources_31bf3856ad364e35_10.0.19041.1_de-de_bc807d14dfbeab18\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-systemrestore-srhelper_31bf3856ad364e35_10.0.19041.746_none_8cdda2c8b94cd690\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..-provider.resources_31bf3856ad364e35_10.0.19041.1_de-de_eb69ddaed571fc11\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft.visualbas..atibility.resources_b03f5f7f11d50a3a_4.0.15805.0_ja-jp_f345d6366fd7db42\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..-eamprogresshandler_31bf3856ad364e35_10.0.19041.1_none_b5aa2da341c8b298\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_10.0.19041.1_en-us_77a35fdb40cb2361\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-spinf_31bf3856ad364e35_10.0.19041.546_none_3b99ddbdd73c7491\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..scoveryprovider-dll_31bf3856ad364e35_10.0.19041.1_none_299ab6bfeef8f0b6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-windowscodec_31bf3856ad364e35_10.0.19041.207_none_74a738c2ffcc1a90\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-s..l-service.resources_31bf3856ad364e35_10.0.19041.1_es-es_ff4dc2331fb2ae79\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-fde.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_7348d18e55700393\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..nputpersonalization_31bf3856ad364e35_10.0.19041.1_none_7f03166059b12daf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-u..erservice.resources_31bf3856ad364e35_10.0.19041.1_de-de_fdc7ae3c4253f807\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..extension.resources_31bf3856ad364e35_10.0.19041.1_de-de_4b74a92630b09b8d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-opusdecoder_31bf3856ad364e35_10.0.19041.1_none_9bc930607335683f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mskeyprotcli-dll_31bf3856ad364e35_10.0.19041.423_none_a674d42538bb790e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_netfx4-presentationhostdllmui_b03f5f7f11d50a3a_4.0.15805.0_none_6a8f0031c627ca8e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_c_fssystemrecovery.inf.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_b446f7dd09b30abb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_dual_wvmbus.inf_31bf3856ad364e35_10.0.19041.1110_none_94fdd5ffe5705b27\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..nager-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_34bb15d0aa3fc3a1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-eapttlsext.resources_31bf3856ad364e35_10.0.19041.1_it-it_1586c3f738d0c57d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe

Modifies registry class 10 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\XWQMWENWANTGLEM\ = "CRYPTED!"	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XWQMWENWANTGLEM\DefaultIcon	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XWQMWENWANTGLEM\shell\open\command	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XWQMWENWANTGLEM\shell	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\XWQMWENWANTGLEM\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3UJ76DcM5gR8996.exe"	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "XWQMWENWANTGLEM"	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XWQMWENWANTGLEM	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\XWQMWENWANTGLEM\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3UJ76DcM5gR8996.exe,0"	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XWQMWENWANTGLEM\shell\open	8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\8120a1911ae7d00f4e5a07e4c0bbeaf4_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:3096

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
3e4713e42890c58033f61b5a54c3500f

SHA1
442a8066d0577ab88b075fae91c501ba25439964

SHA256
4d972a0919c636e4308339b40d7433b9fd67c6620adbeb04eb6b606de22a271f

SHA512
5b6f63fcd6be670ddd5439ae1b642631a0b62543b1096f6a412b496a84857a4afb9528612932764c304d767b522c8b5004793e900eb1b849a522fb3afb570d76

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
ccb9d679713a5021751fe19f47cf84fe

SHA1
a2b853939516424cdff9f616231613df5feae859

SHA256
c38478dd6b2cd47722320b38051b0427b460ceb0ad315d27ebbd349fb284ff54

SHA512
cf251cdfe3f345b11d28d73098eb00262a69abf8be497eaf5472f9414e2fa9fb84c93541ca73d2b91f635c3eee29f106b4ea40dc9793e8b416d0255c18330b7a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
e53b143f5b7a0c6a19eaba20486f5f43

SHA1
8b89d41db8a4dba9eb2fc5a30fed952f80779677

SHA256
b4dbb8bce7b0839af0349d78cd136af91b954c77acc55bc39ec339614575472a

SHA512
dfb7f592b91f0e07c9f3466b574253cb350aaffa88b6b78561378f794fa396a9b8015bab3200529b5e644e0f52ec76e3c044959de90f26722b51c95fa36d1fcc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
778ae1e7055aa984e6f8e98b6171c5c7

SHA1
21ac0bb6ae42220ec355dbc5e81825ed15e96de5

SHA256
42cc1c289cb93cdc237721e12203a1b12908ee0e3f1314f4822f76589b672ba7

SHA512
c9b82e2b7509d82586cfd70647b6db5993f32b28ef03b0f20b5cbb5104c05ef91a65c9ff1942df6b82c794b29ba4b4d89e8f6e21d6b0e588c2b12099b26d3e75

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
7181423ca5548c8ecc71f278f8d799ed

SHA1
d5e40c70159c13c2b736ddf9c2de61666fbc856f

SHA256
f018027f897305bb2daf6641b3e102f8febd95f655267ba63648d8b0d6b23e64

SHA512
e1d82024b19ea5b7863a15548d9352ed538c0a15110b049c36672757f2c74d52c2f292b2135ec2c4879e4e23f51f3372fc87f9110cf7e98d7a91dc292165cfdd

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
b422f5bb473a1905447391c8557ece9f

SHA1
4c1131343875734dc19d036feddea6e2bd9d4288

SHA256
022c93f30dd4a0f866c21d196c61e532ec0345d308e77899cdbd97d6e43bb39d

SHA512
27525e0e580c53df4017e41fa2426caa789e009ac6d1dc2bad5d0079ebfac4f095816e99db8c4e3aa4e8a2bcbc9156deb1a932abca94d78804f5211443999b4e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
d832d93f38020ec0fdf6787196828f79

SHA1
9b168d1c63a699c359a6417a5c9a65655b0a732e

SHA256
c48c2f0d6db43078eca00290d2f35996e459b49ad1eea92f9a676930dda228fa

SHA512
4e00d677b7d067cec8226d8b60c90b262e0e204081b4b5d48557098b6aede8f3df4b1bc299f6a00c60b289a8b8ecf7ced821985a74547243ed3d945247e27d1a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
607dd9a0bc12bdb59f6a1dd1854bf10e

SHA1
e09ece91d2cac58cb9e5a71ecdd17d13e0d3ff90

SHA256
2ab601de8b3d9ff2fbbdef2e05834525685e95d31d45edb8e6695bcea8009721

SHA512
5c4fde5f3d0473052bfd0a2c058c060fd365a318f64e948d3207c6fa047746988d2f2fff901e344d595c3ec50bfec989ccfcea06ead47e76731b6c6dbb5f7c39

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
1f61f2fb6c8f1649591bac62d970305d

SHA1
88357e630289c55f116f130ee15cb8398ea763c3

SHA256
daccfb3f3db713d003140a790a88809b334842f77efcaf91be717fd8132425e6

SHA512
39b1b3ffd9932fe263c974b66eea1c14d1b77e2d783b5f038b32da7eae08c077f5fb91e5798dcad2afad30588798af11bfa8d9b179d7efcfc7736419804595f7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
6b97608c0b71d5d675d50681c4d66e52

SHA1
10924be7c60c886df43c1c61760ea0c58e5b3946

SHA256
19167a2d9f36d986a5c0c423f1293c6d273afab252234e709df4af898676f885

SHA512
47b8fb4ddb72986b391e13a245a1fc6b2c124aa47ae616eaffd05047472bb9c40444b15d174f8ab83b58ec2d6521f02d8f81f55b19ab2b58917b305f613d20f2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
e1a711dd37a295d99173d9202dfce69b

SHA1
6161eb946b18e4c4e0fbf67df4fa5601daf4039d

SHA256
b2183c57c810cccd18273fd062d5303cc1c1bd5a9dd74fec34c1ed8c490a8a96

SHA512
d6968d5bcf61fbd9e210acd60ec87278d50991669bd99fca33f56fb4e32c0db901d6726d19a3e7848d6b176b454149cd946677646493a4ab54250070c13e709c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
550597c433a612bac452a13cd35375de

SHA1
07204d27eb14f31c811773e36e814b5a8dc4d9e0

SHA256
fb4cb12cc255c166e5174590e5c6a97a6a2409d765183a77cb8d1bb7a92d991b

SHA512
6586d889226458bea5eafccedeae7ee283f23cad9c268c3702e2e92a134f6e4385e74c075507e6d5dc725d8de50c781f1fe9a87a613af520945bc216749ff664

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
c63d1daabf89c7aae576489a67378f7a

SHA1
ed07924b2b964541ab43f2a7ff29d3d122dc780d

SHA256
63bb8b130539ead903cfa4562596768e287e841b4ac4ffa33eecddb90e6f9830

SHA512
e13ff7a68da4cc9ce4ab530bf8cb6bf5678e229644fcf8d156107d3fac46e63a969494db550357a66811a2248e693a8d98f255b4331868ac0c6e6d5b39203151

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
42aca9f43d5903ca75428bcdbf3ec653

SHA1
77acedce855cbeabb5d67c086d0341737ebc7496

SHA256
618ad5ac0b5f62020a02ae44bb5b6511a339afcb2a34bd8f9cfca47bf70121c1

SHA512
b52b7fa6da2eba8aff58168b65e1a1ea0270ce4e239f33ed357e9ddde8403506579e0e7409883f9c264a909a736ad8258e6bad5c7fcd12098a6aa8bc5a478bd5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
5f9ad02775bf899b047827566e044ce8

SHA1
ceded357a80aa16194bc84394cc53b812b0874bc

SHA256
e4b6f74b4aad103a9f0e1b89125d129145e4429cfbf910675e82f6af91fd08e3

SHA512
c266e9759480ed409bf5b9834d34c84d5cea3eb24c189ff479bf8af6563e7c03ec8bc26c0c8256cce06a02ae3faa87f2f1170835a9188edddc74a2159c40203b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
b43dd013a9dedd7e309ea121b57939ac

SHA1
218fadac917c55da43d13780ef3de46eb540eb2d

SHA256
b45c682ea2945d1c6b3d8f956a26414cb29031628f386b879a84a7fe3ae19501

SHA512
10a48e9549b071519f5fa10f4ab3a552f643a5d232f67f9a82dd802223d9efc9e8e0dca8588e6ed178bb248d647b55a133b4855517702801d8b95e44fa289815

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
47cd60eef172fb170cb0649152ace0a7

SHA1
54bde42941143347cf0d6754e77bc71ceae4aa87

SHA256
ebbcac5541dffc26016723ceb23f221a77dc6c1d57b9bc6eb0aa6f71faa5f8b6

SHA512
b79c3f043438705e4d7af79d2977bd45d8dd67daec81d8761317b2c85feab87308de6d5ae4ce310952a44abb4221e3f726acdf4e0f063c716169e85b3acd1202

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
4d6cb13832765a8ea2f15d00f9095a7d

SHA1
7e4cece0a7347dcfb6be0b8e2c50224bca765e66

SHA256
7475e577572921b90c4c0f3a4b37c49591bf5929c2e329bb9996fae548ba018f

SHA512
507905ccb82c8f6c0ecf1fea11cb4d897c49f4db48c549198b48989bc18a58cbe06a86b125b3fa3cc83987b753efe8673b08ec80d6495a8eba947198fc3ab79a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
17f5a708cffcdd201360fd7809cebf21

SHA1
ce1f882edadd23345e4750017f514576fc987b40

SHA256
b88784a056cabb8a0fb2e6c8c076a5e3926af7d406d36548fe72a17730c4149e

SHA512
ede2c90287bc21cc0ee6cc2ba4e6b5722e81b5886eb900f30d7e03c608843bae19113b933f6b5387aefe13a2315816421bc95ae9124f6e966fba24d4b1b29831

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
44e752fa30a23dbb1c7b5aa6b5c675e6

SHA1
e582d9e02fab98b02dff453754cc54bc15dea7ef

SHA256
5812765553e8b2d293b8854d71ac0888e7fcfe46394f7587ecce81c5cb28cef5

SHA512
41f5ec2ecad24131d48baa4de3ce56fefa487d58ba828c51131371c6d25105afd46031641fdb938f2f7209c2c8a01e78b78eb93237d75e1f93cd4eb47421cd34

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
4f7d39c94b5679d0cfc938cb96153f18

SHA1
c92b88dad70bff4cabb29c368c0952d257d7d163

SHA256
02dc6e234931a6eaa7b1768003e75d07844820bfed865245cda2eb68a7c86404

SHA512
da4cf11bc21b50f6b58f5ffa393ce594275f8227b222a60a6ede8e692d5292f61b94b982519dc32ea1ea40438d37124d6d4c1e6668c0a84cd9bba2bec43aa2e7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
f86c4efb4d2c4b17a9f4e3710945b748

SHA1
675a218c8b2b49dda2692a6d789e59029aa89c32

SHA256
e012b04ed53550bd43c568bcae27a6c394bacfa06bf41a15ed27a4282c7bb712

SHA512
dbb0ecf410c5c0df9e8d99ef37180f636fb317e17eb26ebffb31000d093022176bfe5d9d8e0580c0aa659c6b1c9a08ffe522d48357897c0b157def7c81876b69

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
89c659362d50ff6b559322ef38735d36

SHA1
284b2a1bde41a3410f3e969b52ea64b0e4c1be44

SHA256
cab0e75471f3a0f0b787b5df8842159c4e414629c8abb05766bd2dd1b4dc5888

SHA512
2b743c57ac042a7ccc65f160e6ed3e016c0e594c26761fd82a0be437a82df57c084cfbcc746a5ec2385840113872f029f24f67c99cb124eb73741b0613b0de36

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
9c4ba0b66b957fbaacc173345f3b9563

SHA1
a57b2e55315b0514736adb583f7be76284d4cf2b

SHA256
499fc36bade1764d97e2de3bda9fe249dd7124de09fe935e33027f1ada180fe2

SHA512
59d4d18b01815c8b9f4f6373bb1edae915f701eb3412f74ca0c36726f6586883c884cf245caed7cb830f96571f914c0a2e0a9f94c7aea029416fefafd24fbe5a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
6b0ff5f965b3144c4fe6c3d83c381ddc

SHA1
a439df4e9cbb91174b45be915019def054c604d5

SHA256
a05a0d13139bded1c19e65779c62089d9ec58ca4b321188770445ee03dd88515

SHA512
60e3632972c837446a675b08bea86bb6b610383278c46c7881237495f8e6670047cf9a4bdc73c987cad0c4117edee1eb90e02278c807a3e0f7487bd1d23b9edd

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
9f282b64e28de3e074df4c8505d7d616

SHA1
c1301e9033c35837ec80f2f6fff5f272b767ed39

SHA256
60d36e0172da2b10b6e7bd72c063994016602e0954bc365d726a402b1ffafa3d

SHA512
b428fe64ff541911c4473facd227d5d18dac80469c14d8094ce2ffd66a692ce12281c959574a008705b889a8faf5d4a63c54c764d873e09b12cb2d0b06ec7b1c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
4faa8a8f4a1be1e52b477de113883dde

SHA1
1fb872de0652d5d84e562314d7f99a4baf427e96

SHA256
023c544039d9d45ec25e71b67fc1a5d190b1bfae682192f903fb055cbf31ec51

SHA512
ca49e9f726de18e6591ce047e3fc8ded2eeb4d1e6cd2b82b9a6415c0ab5ca7ced605535a27b562ba65c40bba9f43c321b5bf7c55e1d75507ca6bed9d4a698fc5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
6730c5a02ea290acb5900f0724882494

SHA1
94e7c893b8db8958e753a77122b783caca1efcce

SHA256
509873ad6b64e9a060d8a45f1592379558871c7833f830bacabd06ae4e388bee

SHA512
28993e28cc1e4a8b9cb15d15ad38b4ec645b4dd517516526db3cf2545ae8d55083f5900c53a9c7704cd97aac52b4f80e920c6dd9beb75c784e888f8cca93e85b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
a4d19fb32eec229b1352b64c1cb48859

SHA1
54cd04642af3dd94b56395d0f020f7963d29870d

SHA256
a3096994cec2aa7ce7125e91b0d1255b33ea62bfd2694ab65a7072dcf46d623d

SHA512
2193b5965af1805d312d4a2b930c797beadd878ec07b423c768d4f09c4672a6810ffc0829ba98440dd1c1b80eeeb0bb5552152030a2d69267759ba72296fa997

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
8d74fbe6c0aa8904e0b50544636db10a

SHA1
e406ac9486e25ae07fe7151f90e7cd847ae86bb6

SHA256
6dcb7102e4aa612101aaa5c571f7a030da7a98bceb5b81013f3eeedfa6345c2a

SHA512
1a94db7a901f143dd9181aed47502030462b328d20e64cf6d9e54f2c8b1db325c9b6cad9ceab981e75933e8d9f1cc968aa4b4d22710acfaca223dcd476d5dfcb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
819709853fa5486f519ea9adc08a02de

SHA1
b7de27c6752a9cffb3c10fc1cadf27e1ff1141d9

SHA256
a7582b854d5bc6a96e8802c87696deb41a03866a4f8deb91a5d4f5ca6f43f2d8

SHA512
4380696d4248990c3f9c45d0388eaa8e2be324b4b96675b3a1a9693e47536080303edf1c789979e6dd225ac421a456d7c16037e7b7083ab5c80e8d0cfb403347

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
d63006c1f8f33fed0ed0aa0a63d1b09b

SHA1
3b8545bc455051624129a1d14a3e2dd1c01ad208

SHA256
cb381a312b559de8bb93603aa17925647cf5bcf8bc72d9fc80229c7352f77f75

SHA512
1d86859e7a6e46f944c5fb9ae8089b802b53a427b58be98f749658ed2044025632cbe3e2a6c3f62b19570e8cebc800807bdcf76c3bb7f7e942801c30a283d5fd

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
f3fc3d3ff0cc24c8f1b44c4aaf70c967

SHA1
056b8e1ae3390d96207725b26ace3128e019f81a

SHA256
69e6f199bda68740461ec4d755571e51084b07a44949207762f30b8d84fbbf1d

SHA512
7e62b64a1d57428cf79c9caaafd6cb085b573a31a80c1d4de937ca9cd79a1af59877e82d8310468941da63d13f6df85ace44b0d51afbc9b231f0974dd7843b17

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
24da9e528529e50adc841c2d14251f9c

SHA1
6dd299c7a86b3049289f66490b1ea72fde31b2c1

SHA256
27be1fcd95e8e7af10d29fbabb908a07c5a05e0c1351b92b17a50889cde9bc8d

SHA512
a807a513822c3abc722717a433f7a8dea5a6931689704001b23fa672f9c3c8d1555c4c3356b80658f48bb825a9c6060e5ea2380c549a7f39d96062752e6b685b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
c10bc0f2cd65ddc27537032ae5ec9500

SHA1
3281a5e799b6fefd3ab3b22eb8917d649995d875

SHA256
e108ea5ad7341c84057f6fa226c7f4aadf4d59c10e72b61cd96928c2c96ca59f

SHA512
f9a3dfe00f057f148ed6799bbebdf7824c61ff88e3816bc67e93af36b42d37ce6ed7a462cefcb02d0771a06ca43919e76d10bb98c124c08b3fba9b3b0b2b9cad

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
61824cdfe43db65a427b967885d2f6e4

SHA1
efcb5267f9e3bafc8a490319d673c81d51cab0b3

SHA256
1ff36d9fcfa9cad39317f8f4a080c2eb64a5bc65ae7dc93befcd7979e9f53b3e

SHA512
1e6e91e0ad98d00e44615fa0e1c541af2f51105cf56c65fe20bcdc9364a7a4dd04738f87218fbdc1bbc63d8884f337466978f6c1d6917be0097db946ade474ef

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
5734976af7326e291b01a8946e924c69

SHA1
27da3a5a682d33b70ed7d317a40ceec007cdc55f

SHA256
aebc647ed360a18e6e27b987f1b0d1eb23e2c2f32a01e758e1d73b9fbe123ce2

SHA512
d5d30b7f107768e848865ab5746ca89e73bdd6f0b2dcd48fef19be7068d30554dca355d87f8ec39092c00a6d7b6d9522ced37e4be416a30eb4db31f73760e0f8

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
8bd36474e1029ef317229d1656f12dec

SHA1
fb6749251f3b67ed5560f8f7ed39146c3a0a827b

SHA256
c8364cb72cb804a662c3f346d01630420a913678a92aedd501bb65dd5abddbeb

SHA512
ec5c3b83d9eaf2c6cc717b66cc0ad197b7a8219a198cc80162aba75308e908c3216fbc54ae98408beda6767f2fb7c78c45a16fc6d257523c6669dc276ac09371

Download Submit
C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
290B

MD5
7eb8b2297a1f44433c0f09dcc976beeb

SHA1
c602d15a6ce1937c432e979bb86a7defefebfdd8

SHA256
1a802d9f93517d7ae4270bea7796db388664e982f48150236b14fd622e69ad84

SHA512
338ad4cdfe236c8dc945890738423f2b2c91a9ef3dacab4538eb0dccc354b2cd508892efd7352d499e2d4c15d66587be19a02e04350f2dda6462a931146a1a3c

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
f0e877050328d08608abb7e9de9d538a

SHA1
e7c04a5e07aa28b96c4a52d7a0820fb4da39ebb3

SHA256
d3c370d8fe6d1f0c9d629e00d10813980560e8412b5bd737600022eec69b4474

SHA512
b9c10c3864db0ca21c9ba0acfbb197adce478fefad800cdb4dabbef08cd83126e75c55eff67e8931a99fe4ea00ba26616fec38610a79937af385008ca82b7c44

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
df5f070eef746099d6f5de3592ee7657

SHA1
b384b3975382c341051345c23ddbb96f4f2771b3

SHA256
17f244c4807b001b37de0633ccd00734c7f19ea7d30069dd8bccb0429ed8a2ca

SHA512
db5d6ab526d301202c729d66e5bb9ca1690836f64d4e2b8ffeb2b42ed9ce8ffbc86653a8e6fb665d392925097a8321d59ede708b34d565a68fe1ca680fa0fd39

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
951335622edc8f980c41b5140a5992ec

SHA1
f3936069e88bcfe2c673db39ddca795399298a22

SHA256
2123b9a6b6b1b20cd0ee7e202f36b5cdead171ece237283e3533c011413d13b3

SHA512
cce6528251ff9d67aa014e8c662107b2d891c21c35934e0ff02d885371c19040ff80ef9a1edcb25f7dc3b9751f98e40a9bc51c90ad0b8dd8583d84ccc5cf6eca

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
ae6659d389fd6541d76cf18ff4738379

SHA1
dbb77dd1952d167a16872b3db31e61caf3cfd71e

SHA256
f2c4c739fb7ce4af677f6eaee64f6c7f161b698dd8e4fcb02383b32bda416b7c

SHA512
fe2cd803aeb2af02ce132b1f2d3bf6c943219985469e376896fe7f0b25a2f6ec92266f7a9300de6658fd290ba8c583b3b745d07f45c2a78e7a2a3dcf287fe4cc

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
a860d1e5358791b452344ce437cd0afa

SHA1
d42c36ea3ea28eed1d7ea5a93c7f107236480155

SHA256
1e7500915b6bd521655f44395712397fe36de3b0b72c6aff46b40718c43805cc

SHA512
8e23059ca049b42eba77268f13af2cce8f799cae4b84a4469e859a8d63db1b06ab9faa8446ce2c3408a1f8cb0e6c67d2be0bb189b52dc926872d1ca65af4ed6c

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
e3944b946dc34220345e181204a80c8a

SHA1
1b1e21f06de9f8d80a517226a0b7118bc0de4185

SHA256
45bfd3a7ea74174b40edac6969c541da415eac930c7a1a044a2f9b3904a6a9ff

SHA512
7ab29eb6bbdbfe8e93d06effdc6fb30ea3432f0db89b6dba9091386c273e77e730befdd3243ab4b6433d85a7371a9c0aac58d5a1089f73d5753803a5523fa95d

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
e1fb1a5c9de9a9fa504a9939114839f8

SHA1
bc918dafc57bfb59b5e0aa88a4fb4e99f9676a40

SHA256
707241c620d10039ec43b0d07897440da676febd0d8b419756e3c76c809db1fd

SHA512
8cb18769d9074c9fc942474e28353598cf204a9c0add552dfb77059855189d572d6d440674a96be4c5b2d1856fe006e8ecfb2962859634a09e5848515e9879ae

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
2df9b1bb7717549722c5c7be9553b9a0

SHA1
96491a3d6f1bc160455c1b837093db9bff083f5b

SHA256
3d46b8e06e12a8d4f5f6a9e09b7e530326539ac568e0c5e1f86569d3aaa8dc2d

SHA512
8be7279c3557502d0e374892bf64471406d547887ea6a7903ec7de654a6cd39335eca7fd791a6c4ca827f898d046fe7a4bdce66a26757a2556d711741062d804

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
ab2eacd89d00aca5bb55860396c7d27a

SHA1
bd74e11c174e9332eef780de4f7815596a99bf43

SHA256
cb42d35926883d8799b4326e8839a857168c35fe28ec56035c615d872e848865

SHA512
9f2289c90650c3bd3c0479bd94cb28551a221c2e07f5c6a1d6092b6316d84a3666acc7a8e62b8fc27070225c0b8e2cfca502060d8d2349b35464d9536624d40a

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
262e037a4b930ec43135e3d9a1e9ab7e

SHA1
a7c391ecbfd565a95aa3b185ad4efd0af3c2810d

SHA256
1a3979f14cf180e77725d83585fdaf4e844c2239c852cb6c24abcb323d810ac0

SHA512
81680eef72592c152fb85ea26dca36715f27f131164752b01026c43e5f74872ed903551931fa50a1c37bf7141923797e5e499d63a3af4244a56d6603660fa93a

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
b6853a7d8f9abda78d43e3529feab361

SHA1
6c516bcaf6d16c181d2fee641dde6267efad3c39

SHA256
cf4d0c0139756606db47bee47f19aa74afdbc6bcbf4d9d0ab7640c8467ef04fd

SHA512
e45eec81b4509d560dafb93e0c124d47e5a155c8545d8ca01ecba065cf91ff594c5879204eade8e6dad31d9c1231cef2f6945464195cbb1407ea94c7e09c0594

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
d43f2b93d84915db0e37a92f49eeb214

SHA1
4481b0aa80a04e90b86019299b42a124cfef2553

SHA256
3b3a1e3b34bf6282956b53d1328206eaa90b17920436f72cedc6fd25e3e87a2c

SHA512
804a5a790ff418e193f75aacccc59a490c34a58ce89ecefeac2b46a3fba1abc27f8890eb5d532cbef07e3e9da0b1a761d3c643fce95e09c8e741617fbcc98d02

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
dc8c3b4bb0f65c66cd098929ba5f03bb

SHA1
ef137929450952610e786d8905879df529e5d612

SHA256
9fc57f2eeff2f4de8f38fa46387fb4f0a4abf1152830db9bb06afb452d34e50e

SHA512
4945c4f613350a6ac3f9e17a3cad4e19fca3133c8e47aeb3cc8ea73cfe10166507efbe98dfd03b6dee686f37bd76a156a93f4059f65599531aafddf9d989b6df

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
63a80dc79d18e98de451057438249c6b

SHA1
fcb317694ff773bbbca9dc36e77156a9ba0a5dba

SHA256
0389b2b1c2d56a6504daf5979accab2a32868026e4cd9f4017be1ef1d3f62023

SHA512
ed10f0fcf47a9b34d43e8ee2f2cac511e7869152da8dde5db91262bb7b05d18996689dcdeb3867d5c6aef80fd1a2c4fcf62f47bb7ece8148a7f5118664c2e619

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
9c89a710092d52796ebbb81ee1d02248

SHA1
c68d1731b150b6a3dd4c90c7bc09dc45492d692a

SHA256
23752ab63c321140d6ad42adaa71e86243444a71df8fed788395619f0fc82413

SHA512
d277393d76b1368d40906ff56678409d0ea2478555b16538962515480570961459a2cbb9ced702c3bdb6e79bfd553222d969ebf61075eb3705b01378d0dadc7d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
b9f0e4ca50d2178971d94a6f9e1c907c

SHA1
c51d712d46f3d26f03284581f7ebfc70326a84fe

SHA256
dbd648431acd829785d92fc1b55d42641fd7cbb734b3d24a016b170f5516d945

SHA512
64135c66093262aed310c1914be0bbb297797bea9496451b6258b5e3915afa0f599671ef98a731954183a7df2e65c1a1344ab80f6a961ed38050a2d87f483fa0

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
71591f28948467db8a611ca75be29129

SHA1
0107b47642fbe86b015f415b65a69728c8cc2586

SHA256
f5c6a38b63d86eb290f152474a8cf301c2f17197e6ebc1d5e8455a1cbedd3f0c

SHA512
1aa30a815c5e969f67f78b28c92435c66fde7ad416478ad5e4e325604ee0839df13008c5704fbd719dfe1b59f79268e40a29a9b063c1c3eb3f2b38bfc13c1dda

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
5d2a6019ce621a4d668aa68647e7850e

SHA1
d43c5e77fd0337a11664081b896ea1ee0d494e02

SHA256
1afe0296fae5c8cb497417c095aee8c747f01fa275c853d330df337c898a935a

SHA512
bb549f69f72ba5938d615edb1dcd030732f9eecabeee6075f7b2b2d887ccd852009284362c9b532e508a84a524e2b1dc454a463881e4d1c9b8d91e580b738712

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
3ef7b90ab4675b4b3d9494a120266052

SHA1
c798a0751a3fb185402221099272aa51164d7409

SHA256
18754b569b463dc0b5580dc2e0c97d1aac0d3761d7cef527e28dd30235ce7da2

SHA512
2399f4277fca230327c53df9639b15dbc7f152cee5edfa393adf29d5303f2d1893eacb2840d60efdaeb27ee4898678fac604cf20f11fca728325143abf90bbc1

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
51ebc9c3ecb3a3b6208ec3cecd49b41a

SHA1
eca634b250066d65fee9dcc0d8f4cd6167517a5a

SHA256
2c32547cbcf48177fc9bdbcfe921b583643c8a3addd1df57824136a3ddd5fdd8

SHA512
530e176556934346d6adada0e3d3a24e886ae570ffacfba22d744545da6299f5bc39268928e9dbd07574527a7f4e7a7467d689fd601540e8142c4b70a8afc8af

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
435cd369e4f5d6951c4902d72f63e59d

SHA1
bb382251fd0baf9a2ff2b63eee3f1249e47e20c1

SHA256
47207237f55b94f96559c5b792caeb33229c4f6785c9ab0ce5a3c051722f6fa4

SHA512
3463c5825f55874b657f594edd0ab89ea5b180445fd5940e08857644fd1a88cb5780575176070b2db1c537a731492b6670bd3007e51ef8a4465981c8583bb895

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
e726c39e3f7217092dcdd8a5152dde49

SHA1
b88f82024bff8d01ea95b455da36888351e69779

SHA256
fd65437cce7ed658a703ceaf3b1ef0db2cf448b5e9b953d4db589b7edbf4b3d8

SHA512
a04cc93f1e88e7c8abdeb30145fff8869a84816dffecde81e5f57085bbadfd425c78f85e88ba39eed31d24cb5d148d0b17e1bc2954b5dbfdb4ca4e929a80aa15

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
7ef7aedea7145060c532191c4d673880

SHA1
dcbebc70c25794d6ff5fa119f8ce0fe8de0f95c2

SHA256
ba8eff03f1a5139fdeaeab347e51e80f1fea506af18f70a193aeeded3645839f

SHA512
dfd380516dae7808d1fb3ee1d3448a93bde2d85e7163c36ba5a653b3359ac4ee402824e3e5cf905e62bbde8055a7bd5983ab70cd9bdd3219107e2089e89ea43f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
a7861e37fbc3da1946de2c8416ce8aa2

SHA1
2438d7515777cb620df26f2237488f100d96d4e1

SHA256
30844925ef2eca94aac0d4056c776aa8a38b924f1c2b4b130b9091772a9098af

SHA512
4d5fb6aafd88fb7f99831d2d1fa1cc7518f3af1879c659056947df71984115e52d8d17a6356185c5bb479384e63122a2151041df69a096acd7220c431f8887cd

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
81b97ff1633df07f7265c810aac97c62

SHA1
a5b342d980367e1ce19b17ac015e13b1e82782b4

SHA256
3fca10cf023df06f38287cbbe56b5108cddf702524b4cb069d8c1489309dc5fa

SHA512
d27ab24e35787f55bc861db9e5e3ed65207abdf8196d67e64748496a676bc2695bb05fe031d5059cb17aeb77b38c4f105cc984e72f2d2c4de414d988a41e711b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
051ab668f33f1044f8ab67932d28d42f

SHA1
5f3fdb16c450525f35cddd30b179174f5533ddd5

SHA256
dd452e76dc9133b15d0b737f8bdd7b13fa00a4b68aac33fa54886a54c282c61e

SHA512
14de29bde99b3747059a90357150aac83cdad92ad1c66876be0bca28739d9596775aa2e7efd0b8abca7f86359e1159b1d0d246fa211d990cd1715bcd58f00189

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
7c202621c920a381c3a583934850f7c9

SHA1
3541356ffdee30aaf472a5995e5de7c0e4d41538

SHA256
f6e1dde9d585985e59a1fdaa73555854b8830cde9791a62e09ea55c1721f0ea4

SHA512
2ccbbbe9ea684fb14ad5402b0405e69fc9efb5c9db91d7b289cfe7cfc6aee0ebd13ea978091d8d22375b49c22b704465c9bb61e326cd0651e95da94a70326fab

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
698c69957f03c7ff21160962eeadb25a

SHA1
10e0d6c4e78a093d3a7b5837309723d05497614e

SHA256
1fb089d2899f73fdea799761c2122d05f968065632b3d421404ba3b697f126ec

SHA512
c67058ec94bce54c667dc403b05326a05998e1b2422b589bf11d5b5436aa084659a94ff5a52164fa4b583cd4bab22bb9d3c7c7e21eb7f796c03e3d86528289b7

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
842eb0e2fc734c4800f05d875b8ff42f

SHA1
d224c5f76d21e06f42ab640ad9a43db6abf77b50

SHA256
3d36cc4db55b0e569c5868abd4c9960934411ca215d2b656b7d160cee32a1f23

SHA512
98526af8be3a6ccc03e79d5dea89bbbee4fe6826149c53141f63b4a7d24a0f8710e6ec8a9e8cef3cd5e2998516c73a6e46c69bf62753c592d8a47b86fb21ff4c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
034493a4b0570241c216cb1b6b5c843a

SHA1
cda83a200c8bf05495f50fdcee488c3282334824

SHA256
964795347c72b84f5795269c23ae7d869c557902e0b801e0d2cbcca0801dafec

SHA512
6b18e93c757847ce52bd98bc98fd63ac8c34688efc9bd65bcd778e036ac4b84bf84d4e179ca04c5b6f81935b95e5f600d4aea6112abb4239fbe3b4795371fbdf

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
9451fc936ee21113d601da99ebfa76b5

SHA1
c3160fc4f8258a7e001162b4c72972656a817c4a

SHA256
495a7070849e6323802c2930a85d25e1eb8ff7969506b8e0baf0eceee4cd8f91

SHA512
335af9e7a701afe7d1ea309683a9d1104a433cf1d16d59dc8a6cdba77ea2a72965e82aea5c759ed76d6e2121ae4a0f0c079fa6a02a71355ff2d1feb184e3b269

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
9dbe503de40b6088108c96b5c3aa4920

SHA1
4c12931f1442f8f00bb3aa8ba0fb2343c98e7f3c

SHA256
7056e57e3147decd7b9f8a8e2be9525190a3dac870541b06cfe715194afec06e

SHA512
b6d835b6548cf3680844fb17de76068f6da8b9d5d9e426ed5fa660f66443d5886694453d2ab993a588d9a1bb446e1e2da9349d9687d9daeaf7fe9915729e7a1f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
e176b074adab5afa4d7b76bf31182730

SHA1
9998f3aeb09c6dc3a6d443fc89f8d155e1e31818

SHA256
b905cd757760ad5a9bf24781c41093c34e4d6be1e64be147aaf2ea8cefbbd471

SHA512
94cbfa7e92781efe3ac8e7964c34db19cacef8aa1710920dcbec7b6cccb19a662e0b5342e5ca8eef83fec5ca0d49c96dee2c3a37d3889614368680bc9734033e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
b3bb3954e3ee0c5fd5a7c567f6dc2f30

SHA1
8a51a83627430ee2841b95acc941e7947b599616

SHA256
e6d21e4e63a5dfec3faaf80aaac1c11833b0d1ac2c5a9a60b0e5ad60b1a88157

SHA512
a3d4e037b46fb2a1444bcf8f49d72d01039a44c6c8b00455bf647f9a2140851308f7c10cb66d8f02677abc202c79929017bb446c940bb47d363e7b720707249c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
07bc376590443d7aa5366419936433f2

SHA1
2291945f7cc26c180f6de9254b1c38459335dc53

SHA256
42ac40f86816d6a98ca343ec656c910ec704c06d0b20217baf513298e9ade76f

SHA512
0b7aeb3f48dc98ee853eeeac5311939689c9ccfa3e3ba014119a76882d4edaa3404b2738ccb2bbaa15d2ae5bd08ba0ce7c11079f6f5b61d3eb2ee928e4744b60

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
cdd24d8455535a1c319e030cd3c1ac19

SHA1
2f5f52c58c19ea8afb258f3c28f50e88e1ab249a

SHA256
6434d4978fa7bd80fefc5982ebceb6ac08e397133333b8c04c4e1eb0aacebeb5

SHA512
3c1c866c908b9941121c8275c839d37bbe8a1ab866eb88efc49dda061332a6b54e3d5c3c93e9c55a9180994dd29345f688cd36d6901fe06904626a5ed94402b6

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
2bbd29643fe4a79c3daef3e039631762

SHA1
30dbf9a20d0185f669939914b2e6b216df5302bf

SHA256
a404f882e285544c64c3c939c4212b2760890b89ca435ec9252423e863319779

SHA512
ce639222b0b1ca576d357ddf12120a56d1235345d6ba0794a27ce2e6c84fa9b36ea6f276d2486cf001dfdcf9c97007b2cf0dfa10dfff42bafbb213afa87ce317

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
ddae59f45ffa6732b3c3678b6cb888ae

SHA1
9105049daf8dacc8cf0548cf35f1e49f1f6b3996

SHA256
5467cb3d672d49b7ae46f52e5c4e5c5d960d1cfce9f1a13f3f75590183517d79

SHA512
0117aded265c5c36e645a8418a310591649d39175f7a770eec8f0f9b474e676f4aed0b984816d2064fe661ef20c67fa8f0ea9f2354ef1278abe831dd55efeddd

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
2835462bd2d1735e0951ccf74a5ea6d3

SHA1
08083ed664e7a3da5dc222ed03b887c1711eb2fa

SHA256
0d4f6107540be7cbf1bc01a4f569feb5d83934a4fa07345308fe7bbc23da316d

SHA512
17ff410a52d187b0b959c36b7cacb016a6c4b0925ed0491db54623e75f002c498de21e9ab7f7884e16399484e37ef5409211c90663ca95218405230dc54c6d5e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
946e50bbe44851a2124a44a0e10ce836

SHA1
c38a1abd95c200198943331a6bb3388450afe977

SHA256
2675c0fcb5ce3c1898c8a6a59069b2bb7d69c2db1c4134a6e0a07ce5bdb90e07

SHA512
9db37f3ecc11e86a1c2973b3775b91bc7ce53760a09cd135320d81d531e113e0c4c0f10553be5a9668c90a83a6b750505b777da24cc39b3af48c9faba2a54dd2

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
75e0931731844b1b0fad60ebcdf0ee6c

SHA1
7ef8b3921d77fd3d29385ff2e5cae90cfdeeaee5

SHA256
1ff7dde0784bb1aa0f4bfb86f24f665cc1988ba74b1603adf9fbd42d0fa5db48

SHA512
519679048903dfb8e4f249e620cfe892eb4dd72cc38a864171e96d93c40f1fecc669411f8045e4f3e1a62028417ed48c993af282a5c730de96fe08e761c1f578

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
ae61325d5f85e5f79ac9c5f08641b7a4

SHA1
2d87e32585fb3f42f22d19b8e345ae6c8835be62

SHA256
4e707b455b50df68b270d4a1d63e2f8e2489ad94d4ae5a34d4ac3269267ea066

SHA512
03a1b5d40542b22a9e853564f30573403e6c1e44e62d41bb00e2d86f90f8c6facf1701343b48f65998ff3c525ac98b425a22df6ad3ef44fe4d5f9e1660440e11

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
f44960ad34f8d61979531d117fd12324

SHA1
4840d95b6482aa2e6b87304a6aa34fb03f0c61e9

SHA256
9e0624dd7609fd2f86be9e7bec6e1d2ffe3a7db31f446e97e70e88309cfb950a

SHA512
2dcf60e819fa8c5d91d0f2cb2260c4b2900e4bda5a95451fcf4621966702de7af4b28342572411ba28f5189ef1682495826c7887b91cea704fc868ca34c03fd3

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
08ef4e2fe4dfdcd13d3c295defa43952

SHA1
f78a008360326b7a87d07d894019b4ffcfd94319

SHA256
64697b438816083d15c944270dabb222f6deef5038273af6b78f4c9b839d0dcc

SHA512
8fb0fd99dcbacaff26edd919aa4500d226bbad9394dc672e964e907cc9b90f2060e36aa1902192e630e6ea8782457389c4ad306db2a5b5f7a3b852a902104f58

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662498327333.txt

Filesize
77KB

MD5
176816147bed910e821b33257bb72b52

SHA1
65db3a6b424f5291d3ea85c7d626cafa4a526ec4

SHA256
3b0310bb7462d00fb7cdac7626de8702e061f183ea8780b4bb4e6bddf9fa50e2

SHA512
4d0909d4753364ed4dc70c85157f415d3eff3cb4823e77f59ea86a06bd4c504bc2c47306bf2aaf471fdc00b235cc5afc9fcafa6d2fe07744dafff8560d42b99c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663013511623.txt

Filesize
47KB

MD5
5c669274891ef08a9330708f18ca1e70

SHA1
c180616144f05428356bb18b73f9048ca33d926d

SHA256
8e72887a15789b1fa5fd678a176c50fc1344dd05838f3b30f1991b59feebd573

SHA512
d98bb77637152ce40d4c791514f244f4ab2db4c1b96adc4dc22ff6faf52149a47a3b358f267353f488b145a21ec07cc3fb3c23676afaed675d38a60ef3bb64c0

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727668912544901.txt.EnCiPhErEd

Filesize
63KB

MD5
2c52d3b43d8363741f98c32a0c70d743

SHA1
c4dfb8da06722c547cb07642cede6085dee1265a

SHA256
54ef18c63949e78daa16d085f1554d22869be2caad18d10b452992b9fcc1ca5a

SHA512
e3e660231c52e5588c358a96f3bd14d31cd805e4304b2da244bec4415d3ee83138b9e7cb2f7acb65f5138dab31a65b5f5ee1ab61c9a3603b0e4fca965085dea9

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727671578469739.txt

Filesize
74KB

MD5
9ea386d448103f934f44ddb23934680f

SHA1
f66545d9ed108bf0fb7390527f6a37ae5ce6bfee

SHA256
fe9258530711d2fc5f909207e1c28862c4d89e4e64a698b88b88d468499842f4

SHA512
23a41479411ec8b44a287b1b1af03a173744f604da4bbd849a77fa185a26cbb04684949aac063f0f7133b1d91a557024fa46067050748ff04122269fc382c71b

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
b1193a296e5a34584d71cf0ec29293b5

SHA1
2b74fe4512fcd69e31d7d83f4807b20c37291e8b

SHA256
3e6e9b6a5ddc8b0eeda01d90d5a1dbc4024c868354d84c1db4586a2f885c285d

SHA512
5ae19e0b19f75bacfe38c53a9f54150a67873f2844edfd05c946d101100711034c9ceefcf838bb22fcb88ec5a34e8a8101a3a7d30503837d6a3b33e9c26fbc9c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
748630d135c1e3a5eae217c7e93bcada

SHA1
fdc151b26104c83ec7a8244ba82d492eed9dc47c

SHA256
359034bd55860b213a046cc5c5649c244eb9823592c295f3813bc171e41769f2

SHA512
eb5be0aadd44f87afc2356a7b53d35dfd82a588c61004a4327746b843680c77cd4c860684056a3dc9292ae52e1d289e8d806c6cce753595bba3f877b2e0000a2

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
6da5ec71a58bf4436bb767d4d2c6d865

SHA1
cf579ff0aef6823db6778e1cf43a0af10693e92f

SHA256
db70019a6d915449b487948200aa05eacdefa5cc7890c70a9a342e0db6199516

SHA512
883f085301903fa60d6657055d567bb545c4eb1a3632cd7ffefb1230d203b20b7c60b4ffd3d79916deb07aeb75977693b79eb302442ae3a743c64a7c9cb31b80

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
888fce1e81497443a661a8410e65c087

SHA1
c912d35efb33454be204cc91eae9b70f0cdc250f

SHA256
d379f718b191fe123455e77908c2643b72252028352cc961bea7e5b47872bf3c

SHA512
17d7b5bc0119d0d3ac331065317794a74b8500f5f4c78bae40d8f5c50a89f8ead90f6b1177c2454b014eff0073e05d736e900361c1622195261c5bfd1318cc44

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
ed3b8c2b119c93694b3f02daef365fb3

SHA1
d33d342e4fb66633a19721dd9c9a2120faba4e98

SHA256
26156e457738a49d083f6fe29f0e12ffa3781e45c1c0b1a624e596ab4f2648ed

SHA512
3af2711d43af4a52877339842421da6a120e60735e1364c45c23431d79d57610f6a731d7dd9ece283b18eaa5ef1749f2134b533cefb2d10fd79e9122cc13fc6e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
6f15048a5e25e788dd5c07edb411deb9

SHA1
c5f89b066bf1d4349c6437e94921f10546b0084b

SHA256
eb2ca20fbc8034e19c26d9b1c152d343c689b1896c91ed8aa7647be77211c5ad

SHA512
e4d319aa4ddeb7e88aa070e01b93dda967b16a1e847744ea8e6701f9420cce81cad346790f8bc9e953e6abdb8e7549816475df9c160595fd8dd94fdb991ca642

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
d0cddbf6daecb993331fc51be02d8ec5

SHA1
123f180161e7263fd5f352fe878a02f6975d5e42

SHA256
b7b925cf98b0dc4ecf059a6597975fdac57992156af91e8c0d46967c2bab8a66

SHA512
fac505ee854c79f6f230ad732eb628140a61514414fd2ec4043ff501524e97ec5a4e47d8347f098e6db1a095d6ce44fcc86e80197e149116f5fac77a98cf551a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
6edc6b7febfa93cb954f8e94117c5b74

SHA1
345bf79e9c5237f6e5c44372952502ddb563e012

SHA256
2e92cf385dcbe9efb04a5324ca682269c0831806c24cb4f445ef8d6a72d66b5b

SHA512
d655df02cad25860fd8bc2e13dd2174aeada9e452e6cc3961d91acae41147fe749d8f81b718b38b14e0c49d08e05cf86236eac4d37ea6b854d7792f48928e238

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
145b150db22ec8bfc0600df81363cf23

SHA1
07e8084a08c6b21166d8784597f8c5baf6553710

SHA256
ac8c1b21524c338eaa0b3e8652485ef790e7b57c3d4c1145d60cb870cad7c6e1

SHA512
08829f6e6dd3391281b2341d9b092f7878acc22bf9b5f9f20bf3f42237701024a96e3c9e3b958c39519d5681e8b8dd086aa33bc9a2970bbd324cccce3be7348f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
a688072805ceb2851d6f099cf6902bde

SHA1
79222bcab3cfa919c6c157591338bdb5941ec109

SHA256
5acffc0cab00574432666806aa4367e2047510d561544f8d2c26f988887dad65

SHA512
17038945d39a8e3b81bbb214c1f0e2a17c685df3fecb727898894d59a9f743c7ea333fb6d0fe7d08f42b50a7838dd8cc41e0dfbf696c750b99045fa9c0ac6f19

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
edd245fe547d77877a4ecb3f9290620c

SHA1
0e44d4b977ad4e2eb4590c7e49ef54f8a2b9ef00

SHA256
000b798f4b3e78729400f923c34e75d1b6c7581288aecf1a466ab84f591ae88d

SHA512
148736dc2bc096febb863f6fda04e949c7edf620eb64167d74fd0864bc306d6dab78b34a7e965427c39ee0139c7ccfa80e0414ba5525fde5e819db1c7d332db9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
1b745415b7b0e7684f2070146ce1048d

SHA1
99b9818a14633cd6599d55ce2e89e40812192497

SHA256
df2510bd54a2df9bed42fb5f9d5a7ec50b167ca9f3851e30658c1b8a9d48d579

SHA512
5c6d562a307bf3d828dc10388a5509883ec09fa4144681bd1b3106fd5e110900caf6c0f69cf921a478a4d703f5135528b010157c6cd0bc9d67e8b3d2a94267d4

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
91008afd387c09b2f7d7382e66347af1

SHA1
d5e0a9f0294ad3eff50c691bd36f6fd17ba71471

SHA256
7d5824af7f155f5d88775e1713d1a4acbc8e499f7a0b9b19c74a2b602c7fcd2a

SHA512
fbd36b100b13cb06df2ef74450acea9da8e56ea11b498b90599cf71392d51afab90efe8b76cb35a46eba372deaf9a549ecc9b4faec10fe15c033118f04f0d612

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
38e2f7185e1eccb0afd10ffff0133f21

SHA1
c470933bf3620a47f5bcb28c4a06e0ffe7a8a5a6

SHA256
6cd0583cdf3b2428af4533f691b8317900070ed28f53b9ff52be2cc09866edfe

SHA512
38c444fb6c81d54308cd3db7947bbfba5f47172c7a352697a95ee0e3a577ea299eae89b8fafbb0c783b640c914c3c2d63b918bf0254357370075ce80ecbdc603

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
72fdf98b3b3da31c9ca59ca40f64f914

SHA1
dadf3ad899db6be5b03f0befbd1771a5af218a1b

SHA256
627ac4d083ce0b5edb7bf0f8543a9bd2c85d470915159cb570eb09e4aa196f02

SHA512
540483beb6dbdafe43145b6e2334dfa752e9e74c48aaebabb20782781bb71b8d276d52ef3e1dc8e26350c47ebe93dc2c4be06a51189a1fb79661a997bdce7e51

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
fc9b148608a5c5cab9a1a5d4e5a1e0fc

SHA1
6e833561e8e7b6f295e76a2af14c3572a88e7546

SHA256
f0caeff82eb6e7f3f60999ef906261475cbeb5dfb5b5f0a962aba023697f2883

SHA512
1c29dbe30f20eb78f3b6bb5060f0872b7f5a69dc7e096173fd6ebf002fb1f6669deefe8fdf1bbb498fe356bba65353a41198d919d46805fb84b8232096bccf2e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
b3e966ec8ef2064eed35df03222935bd

SHA1
f01ca7164e2709f6345f4b45b7053ab1974215d5

SHA256
abcaf052a9878dd0a629fd3eecc5ffc84b100e40a9de47980ab8c1f0cb8df110

SHA512
c91461910f554701727660962a50fcc58777717e528e8625062320defc2e6c8b826415f77d046deedd30a012a48eaa8ca3f4cefe7f6bb7cf9af0f2213d393f0f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
e919406d1160d69b4642c9402aaaa0cd

SHA1
3a65b376f057a231826193f68e1630af7efbb7ba

SHA256
f62406e374bc1feaaa48a304e4410dde7aa632487230da9a84ae09e8d7561656

SHA512
0cc84c27d6e049e9d932c1561006dc71cc051f58abbea1136aba26e71737b6351a71fcd431d6abf4d96eed970427112a93ff9fee0bd527a4c43f2e3fc42f5e05

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
c4a1161e3328b603ab442cc2edeca3c0

SHA1
eefb9cf63e15c160e9bfdf6b420e21c9dbd9f62f

SHA256
3d6638274526ee6f929421b93939da971cdba93a0a1be217bf38218b86e7f292

SHA512
57fd13247383278c028607f3d376578cdb66e42b549a0d53f4960f1348321a7a3eab6a6874633850565112b4a9c643376a61eb143a5898928902cd6637a2be4b

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
909db1528528cab08409e81bdd1c84a3

SHA1
6704a0ea9d1fcb3f208c317f58e70520d9efa234

SHA256
1ff9d632884f930e16fa31c01926bc6bd6bfa601b3a7619b193c1e77735fba77

SHA512
05a16b6a3f1150e82e44468cc3c03a680e39ae6c699fa2b458c9418ceb68dc8c5ec0d733165241000bb2c8e4b64cb9e0f1640605e643f7aea778d014ed1ac473

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
5b28505f88d88dd64c3d15606dd244ad

SHA1
69aae475fdba5d0e2dd4708b5e9c7bc88928754e

SHA256
86594b28d516443a17c9eedafd34529b12ea4d875daf18368a29327fbf57f080

SHA512
a79e549cebe657cc6d0a1970e777d7ce5cb56dfe9892b9f0e440e397b7e6ee340db0922d6666c6b83122345b4e9d424a4d0f6cc10575a1327bb806cc0b449f77

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
d0b3d7c72da5c2e79350564ed98acf14

SHA1
fc1c5e909f7b37f9316544bf48d531b1cd505b47

SHA256
7673a1a7d9d7a30e035ed6f3224ac713b179adcf4570d2096ff36632effe166a

SHA512
6dd431b56754c3fdedc82f879702b4e49a39ab4b9a11ec2335be329687742efc7ef33cc429a71a2f4104aa5aeb8def4c3b784e88fd4add5f99fa28139d6366ef

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
128cea5976c95082c724f08e9e2f90db

SHA1
333af0242d32b6e94466bd2c5be90e0d278784c6

SHA256
4b6945b2b7ba7f1ec4d8e23c397c938a67a07769d06fa8b6666508990f3eb247

SHA512
64acae662fa51677faf908aabea8325e9706eb1f23f88aa898536779633a7578e3be660d79490528c89c29a75f09a48477812e2f8ca289633ac7afa1c7aa2160

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
6ae17203cdded0eacfa34e42b2fb4b5f

SHA1
a572f927ba0e024a6b8d3bbb27c6e412846b3980

SHA256
96b16a458c0e634fc40551dec03f581789af4accc3c65324e7ee1b897a5b08dc

SHA512
0db105961e64fec22c91c530ebc603063f3121dce90a119621fa73701daabe2bd8e835ed78796be990d9f229ef60e38a8333d1e99d438520a205e547b82955bd

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
c40bfc36f8fe7d9bd8172801b8a5bb7a

SHA1
2ac39d0ef09792e51f641c78ae1c2caf11b1d79e

SHA256
3490e34f81754949daefba112a3b66a3ba3c780579130221b910587dacebc79e

SHA512
bd6b9ccec91e98849fbb5dd576c03cd42020daba1501308c1fd956e0b54b077f2600d792aca6ab6cf15aea7b710797edc206485350ff10af8b834a95b289e8b6

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
a35d6f14ded10a351643a376ea71354d

SHA1
a291e6b2b8ff3896a2c6ff4dd13b6d179c882c3f

SHA256
ca20b22c74d1fb1d42ec1ca39bab46d029e6adaa129bbf295c410906a68e6d54

SHA512
ba38a96746620de2eca15d5225e66a8ca431b4c967a050663a38c37cdde54c9f0910cb61a2794abb47d6a601cb7103e398427d36a57ea99b08ef5bb8e498a087

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
57c8d7ef2ed132e703203b9a93ca25e7

SHA1
55dea7aaf2574c185be5424b94929d4e264baab9

SHA256
bd1a4c7a66acff9fb1bc820bf419c393edb52767827e39c3a05b1bb92db24e39

SHA512
eff16f5f8ae90377e55da5b26a07fa9eabb91688376408e019a2e103f34dde333e97671ced0f99e073d22e9830af3824e192d544d54f0d5d4cdc6a15bafc0440

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
862e4dd53e6463f4150ff3cb4a60137c

SHA1
7bcb7c4742f34c7ef4c7f6a8d41c4eb1ab5516cb

SHA256
2aec2cffb8b0eea0addb5fa8e57c19e287876975dfe8872f8eafde5547df5b24

SHA512
be0c0278946d7291629c9b87a7694b02f40b420d5c9bd4b53a90e2f2cc0235746d369c8478ffbd45aac2d6c7d8556630f17bab3d4d83cebfa7073ae746ca6fc8

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
adaf4b6c5b2c27c017329005f3c2f464

SHA1
615bba1994ed5f2544b7f819162bf3b0e2a63d8e

SHA256
cce777a28a64b4d9ada347c0b393d46f10ef36439bf5a197d5bc0b2e18f2e2d3

SHA512
4b7ecf24e034cef1584227f2995c425c6bdfbc044a96d19ca59bf777817e2d64c72358455542f6bf7fbac0608fc0b8f51bba8c0297852b6a0bb62d5fb88312cf

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
c38f3bd99f974366c18b39ea67934ea0

SHA1
40b8f8673c595fd4d355657b39e97a1420f496ce

SHA256
a51c3176b713480ee6a8320a89b6167aac99a9bad528ca8d51ba9dd1bbab9e0b

SHA512
87786414af0c7339daed22fede9916d0ff99c495b465580605f5e0967a3c61ad2d394bf9026b57f6d76f9bd861dbe9340f575dd60f4846cf21cab8a8ad9b0304

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
e3ec8376cdb6aad78a1dcfa4ce783ad5

SHA1
d710e71894fdd9aa6319cf00c4bd97db7d034f88

SHA256
300faf9d08dbf43523fc6471e2e58f58dd18288312ad7b2cb02894c63d479247

SHA512
60e35aabab340158687f1dca9208f45088cf23072ce7fee821a2fba42ad7f9835ea93050d67dcdb21f9f835f747c1a77bd17c968b6b724fcaf8a96f4a092f00d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
e576e60316ffd9f1145b9144d639166a

SHA1
9d3569baad502801fdbea70a34dc6010a77b74a5

SHA256
710c219418739b259981350000945f5af4a2f1f366e29bf322e04296ac81318e

SHA512
b20b3ff9e169ab8894286390da6343ebc7ebc9db52aeab3338def1e0c194764e05bbc3284263fac334373cc88567e73466df7d499a4cef082f543a1a496f54ed

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
bcbee3fa57ca36cedab0addba6ba400b

SHA1
6dc4966d81768cdfe4716d4cd8dc13c129299830

SHA256
e53f7122bb0b1bc3491416c94f880224d931f46bf98d67709b62ddeff8fd57c1

SHA512
8f3368c0cb0f09dfff688b681382eba7c1312185e7e73554627d2ddf1146439f533c86f06466c79e0ca5353273ec2733b4eb6c292c6fa8642bc17d20559c9661

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
51a3744b18cddfd46d70143d9e484674

SHA1
d26ef1eddac0aa2da0c22992319d8d80694ef152

SHA256
c5e82e9605eb1df2d96eaaf243c1e5f94e0659ba7f4221ec231f366e70a115c8

SHA512
c3e2bc8ddc50308120da7f8dcd02c4b2cdd3b3283a3635124eddf0d3a76e8cb0cc8a63dfc66e16b3fa177f2ef00e51ef6e34459d7efb34d620c337115672ba95

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
668adfd4180c008b441301d9cf2d5059

SHA1
e693e5c241f25b807fc09466ce5e68e910add0cf

SHA256
acafd666b16a619a75074aec3dea517594c4b188b7b600402bfdc3fc00d1a9b1

SHA512
89d3a590bd3af7fb6bfcf8bcd2e11559eaba7970cfd58fbb734e1f0d0ef30436b5fef600b5f12160a188285170492b61c98ed63a86288e26ff1ea4e32e711adb

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
6db7851ec0cc1befbd6164ba38c7b5e2

SHA1
0a836ea16d4c67632ef215750dfa18b73b46efdd

SHA256
1a419c372795fe3c6bfbfacc43bbf1594c564aed9f85a00fceaf3c1bde0800b0

SHA512
f18e03393186e902689be9d801369d41de266f12064035b0cf559685a7f6c9291ec214a6342a72ce825d70ea4edba18e4571f4d0b6c788198427a0f81cabc49c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
7a23f03993e7fca46ef9ff59ea3ebc74

SHA1
b0e90d59bd29fc74c47863cea667ab76d35f5531

SHA256
78c190356d58d9f42b96253a15b8649636ae66676bab454bf63ce2d9096ca3da

SHA512
21d3a52c0406519f1588fbbad45b1e23b0a779f17fd93f1f498de26b43b41e2c0a57bb639adfbf0aa1df4197f525f3e76915fc0b510de24641022d81c491fd86

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
f4f105f5cddd9bb60ed96cd4665344ef

SHA1
17076eca1228ab1a8e6ed6d63ff281bf236903a8

SHA256
183bfe479ee2aa08c2921bf26f48db1d3304cd9bf23a1dac763de6805bbfda52

SHA512
e80e7c9279e44dc20e34379824d12dfc94ac2536eafeae0c3b8da37634b6341f6a2bf91104d4413d67ab3d0437becca5294745fb4f4ebae376f28f6a7c4c7987

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
9151a01660b95f6cb5b27fc373afb9bd

SHA1
96e464a78ec1828896d69b27f3fe98905629bc9a

SHA256
ca1b926e8dd51c3816c7219c4f8b5ca6b9187537209de04dcf1ea3929ba4d1f7

SHA512
9811731762941f79ef809776aa593e3c97d99b4813a06ba17c76a95053d988c275d69c463c91e32851c77f3f4cc58dfd6e4df5b2093d1ea3bc50a4ba8f3ccad0

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
f2fc9d3ee1da739c32374cb1544a29b4

SHA1
85dcebf34216be22046c4dc081d37be4ac1ed44d

SHA256
2fef3cf13029af4329f6299babf5df06cb3895551cc7672eb2d8ee5131a154ed

SHA512
b419313bfb5edb7988495d763951bc19925371ac9bad3db761be27b5938689361a56c6b2de3961416776740bc921ffd9a51cc24cee93b2f5c46acf7ef1699e7d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
8595a424201464a20a0d6fb2636d2e91

SHA1
9998426c81b8cd3bd28bb88ae8c2d9609029a776

SHA256
8e82bc067c871c67dbb99ca8200c204e98f1b61ba588b006da99b0eca91310e5

SHA512
8450277f7381e00a5b08be407be2c1e154af3dda30008d5b3599b6e053d59b30e6ff478cb6f2d89e376c7d434fd0219e3ad71872ea4459bd429c89b9ad7917d2

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
f2407dcd882e2d3d1f80fda153af5001

SHA1
cf2d2d07baa60bb7b293091eb63698a7f6d8fe5b

SHA256
3494be4bb460fddf4344259e51fb349266eeb4f4dbaa760ba60abcf82143140d

SHA512
f6046636c30aed66c5a29df22d038f38b7adde73aa6d4709fe54ba54cce86e4752bacc549dadd0d2cefc86faaee47d4408d3a6b98fa9cb3acb6386257a1869b4

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
e7c6ad93891f004f79f5e8c676e64a62

SHA1
45fbe4e6871730c948a28a621361ea25420f4b3c

SHA256
ce5726fc7794138074713587f87913482efbc24924f8e2ee12d1fa4cfa074def

SHA512
74e2989a88c768b1ec3b4141226e44ac0eb0d9e1d084a921a4f1e00f2d1755c0defa8857b2089f6555b3b6d523b24ac7a149d48382c753db88258469de91953e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk.EnCiPhErEd

Filesize
405B

MD5
e5188c82605eeb2c092af3bc9fae7168

SHA1
b3a422b9604a2a02c756310b419a7779c548698b

SHA256
9671e044dced3ca007a90ef897a568883e4c12d4264320b36b85961be929eef9

SHA512
4105b130f04958bb941d1617f69a1a6d7710b08453bad49d3da47db228dc2643e2217134b19c243dfd9d50b9f07f3bfad3e922a7f4fc298831d040b971006130

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
a987f734f3d54d8040c794e0071e25fc

SHA1
6b3bf950965dcdfd13c8c491528bfe1d3483833f

SHA256
9ecf97140aa13a14a96fb92d17980631fe56f7ee04377297a84f32421d245382

SHA512
1421bdd4ea5741914106fe9f96964a7135bb6f60447e2c47b3ce25813e016ba6c90744c7db89c6a447b259ebd579b7993a4bc1738ff71ef2c8c14e7e7d1b5586

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
614c001e7ba3e2544ca4aedc58ef766f

SHA1
8b2392df7cb96b1eeb4d89b5206333d68c1fa58e

SHA256
12d083b25a510f89c54be59a62f9496fa95ce5877b7051f39f74b94b3acdac1a

SHA512
894d06e1ab9b3ff9ead865e2cf32dcbee169d9a4a78e546a3ce48b09cfacd83ea73be2ab1a8873c641a87fd51e01aa20f7c0a10ab4ceb8760538d43bed743f07

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
d2889e77b34b1add172cb5aa7735766e

SHA1
d7873f44de2f16503ad2c10794ec1ca9f1839515

SHA256
19f85a1b1648399a5d77177f7530b957f8e3b75c4a410418981a16e79a4c3f11

SHA512
2e613fa7c8c7d1b4657a5832b304c7390bbe0162e4a7cd416345d1a5bf5f674032b3c46ea41e88cffdfc06ee2c5c99a2809cc3e93d876f72590a4edee85817e1

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
774224fc47788fcc8ba396714daf3397

SHA1
05ce791291f9a63e43445f7e097d36e217e99129

SHA256
bf52e36e9913b59fc87ed5ac12219e57ac0826617fa5aee0c2d7958ecb0c3656

SHA512
b8e1878c8706f64f77894c56773b67a38d06dfda5ece9b936814f5deaaa6ba35f81e9963831add6de79c5d6cfebbaa37f9ef49c708dd64433e8261eeb43078ab

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
562f4b236460dc602fadbf72984cdaac

SHA1
e321cd617b7ae669e1ebd3f6edbc5758cbb08020

SHA256
d529732483aae16f967b84c7f5ad1294b0d4415001629f6874178e2778cf8a16

SHA512
6791aa55b5e676d892bfb8a7119b393bb3b5452d7352622faae9596e3ad732466e154a3a49661b152f1eea490d048180408bc71a7d4e9aadcf7dc6ccacb6518d

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
18d337e9930c740c0713ef9957746a6b

SHA1
a7e7889207833f67bcee821399022f324eea3b08

SHA256
b2ff8b2d9608e302d1ec22feb9a9af284b23264c50eec4d3215e639cdc58fa42

SHA512
a6027756f4b9cc5d2819ecd0968071ea6654a3c6395376dd5fdec96e8c2e6e02b23d086ec7647525898573e5511b681ad6fa7114c01db3d44127ea244e30c23c

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
4963e2ac5ce4d7b547490ad3beb35d37

SHA1
e395425ba63315c7f9b46e8e09a502a553e10cca

SHA256
de8dcc37e4d27965000c7a20360b2e98f162fc305777a3265b6eab3bc743f4c1

SHA512
ac6d2cd21ccbace287752f8a40342bc55b9dab2ae05402b98f1d1ce351acc754a70926cd679881b6c301dc6fefadd92e310c9ef3ba778652b241fafabcc9a994

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
ef919bb00b315782d39474723d9ce491

SHA1
2939a460ab0b7c308bcac21901fadd429507152a

SHA256
3fa0f650c648660b2f72c70ee185881413cdb7c23bd4ec1931d88d3d4cc9c963

SHA512
9d53a5b3eb4b2aff613fc32b8781e833524e23e22dd9d49656f4edc8f6a80eb1e619902abd07e56ded3ed63c939b24fab445691069d67732af4d203c0b12a9e3

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
d02b9463ec4abbd81b5d0793688423c7

SHA1
9a9809dd98dce27407205da3affbfc6aebc3d84a

SHA256
f957a81d5b7d900ab17f0560525b3936884d2d10d8d9ed7ba93309b1f302b82a

SHA512
12a6d34ab2baae141ca87229d422b3cdc2c7b6f19fbbe89d7f052fe3daa659972a001d58f5b58424202a5095ad2e3a627134137c81a08e06c2c5e1bad11ace60

Download Submit
memory/3096-3329-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3096-0-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3096-11203-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads